Very often I need to use the sudo command because the command I'm running needs higher privileges. Is there some method to minimize the usage of sudo and/or a way to use it that's faster than typing my password, but which is still secure?

6 Answers
6

Many operations and programs do not in themselves need sudo, only for access to certain files. These files often also allow access for a group (e.g. /dev/mixer for group audio on my Debian), and you can avoid the sudo if you add your user to that group. The strace command is a good tool to find out which files are the problem; just look for an open() call that returns a negative value aside from -1.

If you need the sudo command for specific applications (a classic for me being pbuilder, which needs to chroot), it might be a good idea to insert that command and the NOPASSWD flag into /etc/sudoers. That isn't the most secure way (the root user inside the pbuilder environment can do all sorts of crap), but better than typing your password in normal system use and getting used to that.

If you are not a sysadmin then most of the times you use sudo is a indicator that some user rights in the system is wrong. A normal user should not need sudo for the daily work. sudo is for installing new applications and hardware.

So think why you use sudo.
Also think about if you can change something so you don't need to use sudo the next time, or if this is a valid usecase for sudo.

I'm installing often, I'm using command that need sudo (mv, cp, cpufreq-selector), editing system files. Many times I have to use sudo and type password.
–
xralfSep 21 '11 at 7:07

1

@xralf then you can consider yourself what Johan described as sysadmin. But frankly, I believe the truth lies somewhere in between: Being a sysadmin is not a binary qualifier. You can be more of a sysadmin then some people and at the some time much less then some other.
–
rozcietrzewiaczDec 6 '11 at 7:39

Authentication is an important aspect of system administration. You should get used to it. I know that nowadays people try to be more lazy and avoid remembering and typing passwords, but this approach has to lead a decreased security, unless you use some other reasonable authentication method like fingerprint reader.

If you often need to run a number of commands as root, maybe you should use su - instead of sudo in such situations. But remember to log out from root after you've finished or when you go away from the computer - this has to be learned as a habit. You may also consider locking the console using a tool like vlock or within a screen session.

You can configure the timestamp_timeout property to whatever value you want. This controls how long the password is 'cached'. See the sudoers(5) man page.

timestamp_timeout
Number of minutes that can elapse before sudo will ask
for a passwd again. The timeout may include a
fractional component if minute granularity is
insufficient, for example 2.5. The default is 5. Set
this to 0 to always prompt for a password. If set to a
value less than 0 the user's timestamp will never
expire. This can be used to allow users to create or
delete their own timestamps via sudo -v and sudo -k
respectively.